Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:integration_bus:10.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-1693 |
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164. Published: January 19, 2018; 9:29:00 AM -0500 |
V3.0: 5.6 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2017-1144 |
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. Published: July 05, 2017; 2:29:00 PM -0400 |
V3.0: 2.5 LOW V2.0: 1.9 LOW |
CVE-2016-9706 |
IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918. Published: February 15, 2017; 2:59:01 PM -0500 |
V3.0: 9.1 CRITICAL V2.0: 8.5 HIGH |
CVE-2016-9010 |
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. Published: February 15, 2017; 2:59:01 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-8918 |
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Published: February 01, 2017; 3:59:02 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-0394 |
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. Published: February 01, 2017; 3:59:00 PM -0500 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-2961 |
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace. Published: July 02, 2016; 10:59:17 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2015-7399 |
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTTP server via unspecified vectors. Published: January 11, 2016; 6:59:02 AM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2015-2018 |
IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Published: August 23, 2015; 11:59:00 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |